Description

The spec states this about verification in 11.2:

"If the Claimed Identifier in the assertion is a URL and contains a fragment, the fragment part and the fragment delimiter character "#" MUST NOT be used for the purposes of verifying the discovered information."

By not following this Consumer improperly doesn't verify some claimed id's that it should.

Comments

Posted by Paul Huff (phuff) on 2008-04-18T00:11:05.000+0000

This patch respects (or doesn't as it were) the hash remark

Posted by Dmitry Stogov (dmitry) on 2008-04-18T08:09:17.000+0000

According to OpenID 2.0 specification, section 7.2, fragment MUST be stripped during normalization.
Please, reopen the bug if my fix doesn't work for you.

Posted by Darby Felton (darby) on 2008-04-21T13:48:02.000+0000

Marking as fixed for next minor release pending merge of changes to release-1.5 branch.